CVE-2022-24348

HIGH

Argo CD <2.1.9 & <2.2.4 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-24348. PoCs published by DeveloperOl.

AI-analyzed exploit summary This repository contains a Helm chart that exploits CVE-2022-24348, a vulnerability in Helm where arbitrary file reads can be achieved via the `.Files.Get` function in templates. The ConfigMap template reads the contents of `/etc/hosts` (or any file specified in `values.yaml`) and embeds it in the ConfigMap, demonstrating the vulnerability.

Description

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.

Exploits (1)

nomisec WORKING POC
by DeveloperOl · poc
https://github.com/DeveloperOl/CVE-2022-24348-2

This repository contains a Helm chart that exploits CVE-2022-24348, a vulnerability in Helm where arbitrary file reads can be achieved via the `.Files.Get` function in templates. The ConfigMap template reads the contents of `/etc/hosts` (or any file specified in `values.yaml`) and embeds it in the ConfigMap, demonstrating the vulnerability.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Helm (versions prior to 3.8.2, 3.7.2, 3.6.3)
No auth needed
Prerequisites: Access to a Kubernetes cluster with Helm installed · Permission to deploy Helm charts
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.7
EPSS 0.0349
EPSS Percentile 87.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (2)
argoproj/argo-cd 0 - 2.1.9 (2 CPE variants)Go
argoproj/argo_cd < 2.1.9
Published Feb 04, 2022
Tracked Since Feb 18, 2026